> You will most likely want to use a <security-constraint> and an
> <auth-method> in your web.xml file if you want the container to
> authenticate users automatically. The "roles" attribute in
> struts-config.xml lets you impose additional restrictions above and
beyond
> whatever is set up in web.xml, but doesn't have any way to trigger
> authentication in the first place.
I do in fact have this in my web.xml file. In fact for the test1.jsp
it's working properly. So after this I add the "roles" to the action
but the action gives me the error..
Web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Test 1</web-resource-name>
<url-pattern>/test1.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>idtect_readonly</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Idtect OEM Server</realm-name>
</login-config>
<security-role>
<role-name>idtect_readonly</role-name>
</security-role>
Struts_config.xml
<!-- Process a user logon -->
<action path="/login"
type="com.idtect.oemserver.web.LoginAction"
name="loginForm"
scope="request"
input="/login.jsp"
roles="idtect_readonly">>
I get the following error:
HTTP Status 400 - User is not authorized to access action /login
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
